/src/boringssl/pki/extended_key_usage.cc
// Copyright 2015 The Chromium Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "extended_key_usage.h"
#include <openssl/bytestring.h>
#include "input.h"
#include "parser.h"
BSSL_NAMESPACE_BEGIN
// Parses the value of an X.509 Extended Key Usage extension and appends each
// KeyPurposeId it contains to |eku_oids|.
//
// Section 4.2.1.12 of RFC 5280 defines the syntax as:
//   ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
//
// Returns true only when |extension_value| is exactly one SEQUENCE that holds
// at least one element, every element carries the OBJECT IDENTIFIER tag, and
// nothing follows the SEQUENCE. Any other shape returns false.
//
// Caveats for callers:
//  * |eku_oids| must be non-null; it is dereferenced without a check.
//  * Entries are appended as parsing proceeds and are not rolled back. After a
//    false return the vector may already hold OIDs taken from a malformed
//    extension, so its contents must not be used for a key-purpose decision
//    unless this function returned true.
//  * Only the outer structure is checked here. This function does not itself
//    inspect the bytes of each OID, and repeated OIDs are kept as-is.
//  * NOTE(review): the stored der::Input values presumably refer to the bytes
//    behind |extension_value| rather than owning a copy - confirm in input.h
//    and keep that buffer alive for as long as |eku_oids| is used.
bool ParseEKUExtension(der::Input extension_value,
                       std::vector<der::Input> *eku_oids) {
  der::Parser outer(extension_value);
  der::Parser purposes;

  // Reject a value that does not start with a SEQUENCE, and reject an empty
  // SEQUENCE, which would violate the SIZE (1..MAX) constraint.
  if (!outer.ReadSequence(&purposes) || !purposes.HasMore()) {
    return false;
  }

  // At least one element is known to be present at this point.
  do {
    der::Input purpose_oid;
    if (!purposes.ReadTag(CBS_ASN1_OBJECT, &purpose_oid)) {
      // The SEQUENCE OF must contain only KeyPurposeIds (OIDs).
      return false;
    }
    eku_oids->push_back(purpose_oid);
  } while (purposes.HasMore());

  // The extension value must follow ExtKeyUsageSyntax exactly: data after the
  // SEQUENCE OF has no valid interpretation, so it is treated as an error.
  return !outer.HasMore();
}
BSSL_NAMESPACE_END